In Brief: Chat with MS about WUS and More; New Shellcoders Resource; eEye on Security; Phishing for Fargo

Microsoft will host several chat sessions in the coming weeks where interested parties can join in to question the company directly about various products. On Friday, March 19, the company will host a chat regarding its new Dynamic Systems Initiative, which includes the upcoming Windows Update Services (WUS), formerly Software Update Services (SUS) 2.0. Also on March 19, you can chat with the company about Windows Server 2003 RC1 as well as Windows XP SP2.

On the 22nd the topic of chat will be the management of Windows Server 2003 using the command line, and on the 24th the chat will cover “a truly secure network.” On the 31st the engineers and architects who design Kerberos in the Windows platform will be available to answer questions about deployment and troubleshooting.

On April 7 you can grill Microsoft about its new WUS product and also question the company about your wireless security concerns. If you're interested in ISA Server 2004 as a solution for some of your security needs, then you might consider attending the related chat on April 23.

There are a lot more chat sessions scheduled, including a chat about Longhorn if you want the skinny straight from the horse's mouth. Check the Microsoft chat page for complete details about all the scheduled and upcoming chat sessions.

The Shellcoder's Handbook

A new book, “The Shellcoder's Handbook: Discovering and Exploiting Security Holes” from publisher John Wiley & Sons, is due to be released the week of March 22. The authors are well known in the security field and include Jack Koziol, David Litchfield, Dave Aitel, Chris Anley, Sinan Eren, Neel Mehta, and Riley Hassel.

According to the book's back cover, the book covers a range of material, including “introductory-level exploitation and [the exposure of] vulnerabilities in binaries to advanced content on kernel overflows. In addition, [the book provides the reader] with advanced techniques to close new security holes that are not yet known to the public but could cause devastating consequences.”

eEye Digital Security is ever busy hammering products to find security problems. According to the company's Research Web site, it has discovered five new vulnerabilities and reported them to their respective vendors. The problems are in products from IBM, Apple, ISS, and Microsoft. eEye considers all of the vulnerabilities high risk except one, which it considers medium risk.

Since the vendors have been informed of eEye's findings, we can assume they are working to produce patches, and once the patches are available the public will be informed. And, as is usually the case, eEye will release more detail regarding its discoveries. For more information about the problems, including which specific products are affected, be sure to visit eEye's Research Web site.

Phishing for Fargo

Another phishing scam is underway, this time targeting customers of Wells Fargo banks. The scam arrives as an HTML- and JavaScript-based email that tries to entice users to enter their online banking login credentials in a Web form. If you receive email from any vendor, bank, online payment center, or other financial institution, the best course of action is probably either to ignore it or to report the event back to the purported business. You can learn more about the latest Wells Fargo scam, as well as other phishing scams, at the Anti-Phishing Web site.